My CloudFormation template contains the following resource definition:

MyBuildResource:
  Type: AWS::CodeBuild::Project
  Properties:
    Name: !Sub ${AWS::StackName}-my-build-resource
    ServiceRole: !Ref MyServiceRole   # IAM role CodeBuild assumes for the build
    Artifacts:
      Type: CODEPIPELINE              # output goes back to the pipeline's artifact store
    Source:
      Type: CODEPIPELINE              # input comes from the pipeline's artifact store
      BuildSpec: subtemplate.yaml
    Environment:
      ComputeType: BUILD_GENERAL1_SMALL
      Image: aws/codebuild/python:2.7.12   # curated CodeBuild image, not one in my own ECR repository
      Type: LINUX_CONTAINER
      EnvironmentVariables:
        - Name: FOO
          Value: 42

I get the error message "Unable to pull customer's container image. ErrorCode: 404, Reason: pull access denied for aws/codebuild/python, repository does not exist or may require 'docker login'". This doesn't make sense to me, as the image appears to be available. Is something else wrong in the resource definition?

1ijk

1 Answer

I think https://stackoverflow.com/a/47465100 provides the correct answer. MyServiceRole needs to allow:

Effect: Allow
Action:
  - ecr:GetDownloadUrlForLayer
  - ecr:BatchGetImage
  - ecr:BatchCheckLayerAvailability
Resource: "*"

Previously, I only allowed those actions on my own repository, which would prevent me from getting the AWS images.

EDIT: I've updated as I confirm the problem and its resolution.

1ijk
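For reference, here is a complete MyServiceRole definition that pairs with the CodeBuild project in the question. This is an added example, not code from the original post: the trust policy, CloudWatch Logs and S3 statements are the permissions a CODEPIPELINE-sourced build needs and are scoped as tightly as the stack allows, while the ECR statement is the fix from the answer. The ArtifactBucket parameter is an assumption (the pipeline's artifact bucket name is not on the page), and the log group ARN assumes CodeBuild's default /aws/codebuild/<project-name> log group.

```yaml
# Added example (not from the original post). MyServiceRole for the
# MyBuildResource project above. ArtifactBucket is a hypothetical parameter.
Parameters:
  ArtifactBucket:
    Type: String
    Description: Name of the CodePipeline artifact bucket (assumed)

Resources:
  MyServiceRole:
    Type: AWS::IAM::Role
    Properties:
      # Only the CodeBuild service may assume this role.
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: codebuild.amazonaws.com
            Action: sts:AssumeRole
      Policies:
        - PolicyName: codebuild-base
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              # Build logs: scoped to this project's default log group.
              - Effect: Allow
                Action:
                  - logs:CreateLogGroup
                  - logs:CreateLogStream
                  - logs:PutLogEvents
                Resource: !Sub arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/codebuild/${AWS::StackName}-my-build-resource:*
              # Pipeline artifacts (Source and Artifacts are both CODEPIPELINE):
              # scoped to the artifact bucket only.
              - Effect: Allow
                Action:
                  - s3:GetObject
                  - s3:GetObjectVersion
                  - s3:PutObject
                Resource: !Sub arn:aws:s3:::${ArtifactBucket}/*
              # Image pull. The curated aws/codebuild/* image is not in this
              # account's repository, so a Resource limited to our own repository
              # ARN never matches it (the 404 in the question). Grant only the
              # three read/pull actions from the answer on "*"; do not widen this
              # to ecr:* or add push actions.
              - Effect: Allow
                Action:
                  - ecr:GetDownloadUrlForLayer
                  - ecr:BatchGetImage
                  - ecr:BatchCheckLayerAvailability
                Resource: "*"
```

The wildcard is confined to the pull-only ECR statement; everything else stays bound to the stack's own log group and the artifact bucket, so the widened scope does not leak into log or artifact access.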